Database/processes using 100% server cpu

  • Resolved Jozga

    (@jozga)


    11 years, 3 months ago

    Hi,

    I have a very small wordpress site that has about 15 posts and 6 pages, all plugins disabled, everything else untouched. As soon as I connect it to the database (by entering the right info in the config.php file) it uses 100% of my server’s cpu.

    Things I have tested:

    I have deleted the plugins from the site and deleted the posts and pages one by one, even with no content on the site it still uses 100%

    I have exported the site, made a new database and imported it, connected the site to the new database – it uses 100% again.

    I have made a fresh wordpress install and connected it to the database – 100%.

    I have a lot of other sites on the server, the moment I disconnect this site (by removing the config.php) it goes to 2% load, there is no heavy traffic and there is no problem with anything else on the server

    I tried looking at the database in phpmyadmin and running repair and optimise commands, but no effect.

    I am unable to get more info about the running processes. I asked my web host guys who first said that xmlrpc.php was running a lot of processes but after I disabled (and then deleted) that file I was told that ‘There are several processes running the following: index.php’ which doesn’t really help I think.

    My next plan is to copy/paste the posts one by one into a clean install, but does anyone have any suggestions before that? I can’t provide a link as I have to take the site offline as it affects the other sites on my server.

    cheers, Jake

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi Jake,

    Various options :
    – any chance you can access your site’s error_log and see if there’s some weird stuff piling up repeatidly with a very high frequency ? Errors happening less than once per second could be most unlikely to hog your CPU…
    – same deal with the access_log, perhaps there’s a third-party site hammering you for god knows what reason, and you could htaccess-block it
    – talking about htacess : if you block everyone from opening the blog, save your IP, would it work ? Be careful that if you’re on renewable IP, you edit your htacess back right after you’ve made the test
    – could your web host be kind enough to reboot the server / virtual server hosting your site ? I’ve once had a hacker manage to penetrate one hosting account (curse that timthumb.php vulnerability, I uploaded a theme without checking it didn’t contain an exploitable timthumb file, and bam, it got exploited), and even after clearing every single hacked file and the backdoors, there were still processes lurking in memory and unrecognizable from the other legit processes, only a reboot removed them for good
    – I didn’t read you mentioning you actually deleted the wordpress files themselves from the affected blog, only themes and plugins. Could you straightforwardly delete everything in that blog’s folder, and reup from a clean wordpress.zip file ?
    – Not knowing your hosting specs, is one of your sites able to affect another one of your site’s files ? (if it’s the same user and group : yes, if it’s not the same user : no). If yes, it’s a pain, but the infection could actually from another hosted folder…

    Thread Starter Jozga

    (@jozga)

    Hi Sabinou, thanks for your response.

    I took the site offline for a few days, and then tried deleting the wordpress site and uploading a clean new one, so far this seems to have worked. I’ll keep monitoring it with the error log idea and see if the problem reoccurs.

    Oddly, I am pretty sure I tried the clean install thing before I posted, so it seems like the only difference is that it was offline for a few days. This makes me a bit worried it will happen again but fingers crossed.

    By the way, if possible could you elaborate on your last point about hosting specs? I have a master site with a master ftp account that can modify everything, then lots of addon domains in subfolders that I think can’t affect each other.

    Hi Jogza,

    To elaborate on the last point, I was referring to cross-site infections.

    If you have several sites that share the same username as owner, it is possible for a hacker in control of a site to go and change the files of the other sites too.
    If your site #1 is in home/username/public_html/site1,
    and your site #2 is in home/username/public_html/site2,
    any hacker, and even any bot, can try moving one directory above from the hacked site, get a list of the other subdirectories, and proceed to updating, with infections, the other sites.

    The wordpress codex, as well as millions of other sites, explain it better.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Database/processes using 100% server cpu’ is closed to new replies.